Received: by 2002:ab2:7a55:0:b0:1f4:4a7d:290d with SMTP id u21csp335630lqp; Thu, 4 Apr 2024 15:01:29 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVMcJL+Rtjg42bptaa8nHQrmakIiP+Dl8OrDqTXNrHu+77TYNuYg9Kn2AZF2R/DOR572d4bj4YZ1oeo4/SdFMJQhPVppW2r86+kBajEwQ== X-Google-Smtp-Source: AGHT+IEJRmPI4tQ9gkxTFyYwVtTfqoWkH/AsqudI06oYRQpZtfK1ZNl+J3vnY2b2f3CFzDHLGqpF X-Received: by 2002:a67:ce19:0:b0:478:87d6:abd9 with SMTP id s25-20020a67ce19000000b0047887d6abd9mr752006vsl.17.1712268088998; Thu, 04 Apr 2024 15:01:28 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712268088; cv=pass; d=google.com; s=arc-20160816; b=T4U5mlrXQpvxhfRnFlGJcj09wcAIRDJ/4Qa3i8cPCZDExBH9Eu20UWjdPP+cyZ5kMp RDSgqmbZpVq71YsvqUivRrYgt9FtDWdmAVRmBHSlETI5yJeDAvCuUQs4+ehaQcbLJOpY rySUgNuAlHZratXfp06hZTwI16mUDnLYUFuceKSmKPcuyPCzxoqipsqXvWkjE8FmDASA xzeZZx4WzIbMltPnMkexW/+mkAc8AAGPJ1Md56OUwE5zJ0ewOGKtEZVYM8DKbFuWqcRc 76dRznX2twCNuI69ESFxF1kFWeZDRVS2gGSuQG0VLOt9FA+yhngpBvrjzT8egZY/60rW foOQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:in-reply-to:content-disposition:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:references :message-id:subject:cc:to:from:date:dkim-signature; bh=5GxWmiEW8cxRUvYpr6QE/44g8xV+AEZ5YGPD0FX451A=; fh=yiZaDL1IeCHrUUayVEIqweIygAmg6JG/r7EFhHKURr4=; b=cUEgkplxqR/yS74grIVkWZmWvY/b0Pvsbj6/4kIx/ifJohtaRzMx42yX496+iwIXY/ u0NiYDHOPHfcXM72BjjeMoNquR4nyaC0V60GBUNBQqVs/9d6XU5z9NaRfuYp7z3feGAC qbCx2ugHRZ0ht1fghzOwVdvWbxiZkyKp4/6wYTORZgAijhH3rPyJl+ToPcQcyqvF5KN/ D3Rlbt6X7kVd3f61zW5O9urlhKQcSOsHrD97We88ELG/Z7ujyWZvqdH+I2+opTar7wUD vPuvj9ezXRFi9s7T1ZfBAEydd5sR7Cfc0e9EhgZNPkK96iVpfSAhmnUfw4NAykph2lWd cTLA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linux.org.uk header.s=zeniv-20220401 header.b=SvSU3HHb; arc=pass (i=1 dkim=pass dkdomain=linux.org.uk dmarc=pass fromdomain=zeniv.linux.org.uk); spf=pass (google.com: domain of linux-kernel+bounces-132177-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-132177-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zeniv.linux.org.uk Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id w8-20020a056102304800b00472e1e7e3dasi58832vsa.633.2024.04.04.15.01.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Apr 2024 15:01:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-132177-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.org.uk header.s=zeniv-20220401 header.b=SvSU3HHb; arc=pass (i=1 dkim=pass dkdomain=linux.org.uk dmarc=pass fromdomain=zeniv.linux.org.uk); spf=pass (google.com: domain of linux-kernel+bounces-132177-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-132177-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zeniv.linux.org.uk Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id B110D1C226B7 for ; Thu, 4 Apr 2024 22:01:28 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 0CA7413C3DE; Thu, 4 Apr 2024 22:01:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linux.org.uk header.i=@linux.org.uk header.b="SvSU3HHb" Received: from zeniv.linux.org.uk (zeniv.linux.org.uk [62.89.141.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0B92413BAEB; Thu, 4 Apr 2024 22:01:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.89.141.173 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712268078; cv=none; b=pCbvaxAy7z5T5Yz+b7LLe1eoyLYEz5M6TU+pDI7zvoXkcq8H86qAm4j0OAEz8bbrgrHnl1w1fqFSatUNS2rypS0UY3aMB1BjUfIf4FuqFEBKV1p5mORanwCHH8V/qdSxAL+ZMvgGK84DX+Zn7LwmL1M1JuBtzr8JZsH5lWch+AA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712268078; c=relaxed/simple; bh=6QN77bM5eaKWq592iQn7Zfbv1Ht+etn+Tqg/2FEHFoM=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=QpTc228pxFFCiIr7Zys0N8ScGrI0TtsYGrxt/LcK6daidyHr0CPwcPpXF8IYPttVb1KCsOOfgXEVvU3tsPHhl+Pq2DCf030wuMGhJdNXPWQHjv4Uv6qJun0G83rmkGY53ki2kOohyy8YF1uAmFM0o9gLuFnprUKH2bnhOB4hWqs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zeniv.linux.org.uk; spf=none smtp.mailfrom=ftp.linux.org.uk; dkim=pass (2048-bit key) header.d=linux.org.uk header.i=@linux.org.uk header.b=SvSU3HHb; arc=none smtp.client-ip=62.89.141.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zeniv.linux.org.uk Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=ftp.linux.org.uk DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=linux.org.uk; s=zeniv-20220401; h=Sender:In-Reply-To:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=5GxWmiEW8cxRUvYpr6QE/44g8xV+AEZ5YGPD0FX451A=; b=SvSU3HHbitU7Sm0vaC2Gbie+g1 sAgr23TjHvoIlqpobR5T5/90hjdhQ6shFrov4ee1f8i/p1nLbpsYwS1EsWogUTPh0L5+9qzFB1GTg YIo4tCKvESp+K51GQGcsB+SQPfNvu4idwZI5ZyBfbsSN78JY+0yXAaZIJsfvDtpc/oIqzaliUoFHI HV3RA0+32e0/GD3rXLtQG0dLJH4mYTJVeIvPjrbGKiWZYmhorc1slpRwojKS0QCl8Iv34Yc1w4CEW f8eanWfn9yxsqm+V9p0sNqYSeqzpKtRNIsFvd+XlWZTq3SLxE8GVdtOsl4BO10l6ZgpAI3rlaj7y9 kgH5WAnA==; Received: from viro by zeniv.linux.org.uk with local (Exim 4.96 #2 (Red Hat Linux)) id 1rsV8u-005rD2-2G; Thu, 04 Apr 2024 22:01:08 +0000 Date: Thu, 4 Apr 2024 23:01:08 +0100 From: Al Viro To: Amir Goldstein Cc: syzbot , gregkh@linuxfoundation.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, tj@kernel.org, valesini@yandex-team.ru, Christoph Hellwig , Christian Brauner , Jan Kara , Miklos Szeredi Subject: Re: [syzbot] [kernfs?] possible deadlock in kernfs_fop_llseek Message-ID: <20240404220108.GT538574@ZenIV> References: <00000000000098f75506153551a1@google.com> <0000000000002f2066061539e54b@google.com> <20240404081122.GQ538574@ZenIV> <20240404082110.GR538574@ZenIV> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: Al Viro On Thu, Apr 04, 2024 at 12:33:40PM +0300, Amir Goldstein wrote: > This specifically cannot happen because sysfs is not allowed as an > upper layer only as a lower layer, so overlayfs itself will not be writing to > /sys/power/resume. Then how could you possibly get a deadlock there? What would your minimal deadlocked set look like? 1. Something is blocked in lookup_bdev() called from resume_store(), called from sysfs_kf_write(), called from kernfs_write_iter(), which has acquired ->mutex of struct kernfs_open_file that had been allocated by kernfs_fop_open() back when the file had been opened. Note that each struct file instance gets a separate struct kernfs_open_file. Since we are calling ->write_iter(), the file *MUST* have been opened for write. 2. Something is blocked in kernfs_fop_llseek() on the same of->mutex, i.e. using the same struct file as (1). That something is holding an overlayfs inode lock, which is what the next thread is blocked on. + at least one more thread, to complete the cycle. Right? How could that possibly happen without overlayfs opening /sys/power/resume for write? Again, each struct file instance gets a separate of->mutex; for a deadlock you need a cycle of threads and a cycle of locks, such that each thread is holding the corresponding lock and is blocked on attempt to get the lock that comes next in the cyclic order. If overlayfs never writes to that sucker, it can't participate in that cycle. Sure, you can get overlayfs llseek grabbing of->mutex of *ANOTHER* struct file opened for the same sysfs file. Since it's not the same struct file and since each struct file there gets a separate kernfs_open_file instance, the mutex won't be the same. Unless I'm missing something else, that can't deadlock. For a quick and dirty experiment, try to give of->mutex on r/o opens a class separate from that on r/w and w/o opens (mutex_init() in kernfs_fop_open()) and see if lockdep warnings persist. Something like if (has_mmap) mutex_init(&of->mutex); else if (file->f_mode & FMODE_WRITE) mutex_init(&of->mutex); else mutex_init(&of->mutex); circa fs/kernfs/file.c:642.